Regardless of where you sit in the tech world, there is one thing that affects us all: security vulnerabilities. Unfortunately, our little green robot is no exception this rule, and The Register recently dropped a report on a potentially bad exploit.
Apparently, in Android 2.3.3 and below, there is a vulnerability that would allow attackers to collect digital tokens that are stored on the device after users login to Google Calendar, Facebook, Twitter, and "several other accounts." Read More
Skype released an update to its Android app this morning, remedying the vulnerability which exposed tons of personal info that we revealed last week. Our own Justin Case who originally found the issue has taken a look at the updated version of the app and confirmed that the exploit he developed to demonstrate the vulnerability no longer functions.
Specifically, Skype has changed the permissions of the databases (which contain the personal information) in question. Read More
Update #1: Skype is investigating the issue, we've been told.
Update #2: Skype's official first response can be found here.
The safety of our personal information is often a concern of mine - who has my email address, my phone number, my date of birth? How can I keep my private information safe while still enjoying the internet? These concerns have prompted me to take a deeper look at Android apps more than once, and often this can yield some frightening information. Read More
A new report from eWeek came out today stating that another researcher, Xuxian Jiang, this time from North Carolina State University, stepped forward with a tweak to the very same vulnerability Google reportedly patched. Read More
A few days ago, the code for the Nexus One's 2.2.1 update went AOSP (Android Open Source Project), meaning that the source code became available to developers. It was comprised mostly of bugfixes and other things that weren't major... oh, and it also patched the exploits that allowed Universal Androot to unlock your device. We had a short conversation about it on Twitter with Cyanogen (the conversation starts at the bottom and goes up):
As if breaking Universal Androot wasn't enough, apparently the new update also prevents existing installations of Swype and some other aftermarket keyboards from working. Read More